[Dshield] Tracking and Reporting Probes
dshield at webfocus.com
Tue Mar 26 05:31:44 GMT 2002
Company ABC is set up with a block of 32 static IP addresses.
IP usage is as follows:
1 for the Gateway
1 for the Firewall *
2 for FTP Server (DMZ) *
2 for Web Server (DMZ) *
2 for DNS Servers (DMZ) *
5 for One-to-One NAT into the LAN *
So ABC Company is using 13 out of the 30 usable IPs. The firewall will
report on the attacks/probes (if set up correctly) on the IPs that the
firewall knows about on the DMZ and the One-to-One NAT and the IP of the
firewall itself.
There are still 17 IPs that are just hanging in limbo. Maybe in some
database or spreadsheet as they are open for future use of some sort.
*) Should the extra IPs be left in limbo? We will never know what kind of
attacks/probes are happening on the 17 IPs.
*) Should a PC with LaBrea be placed in the DMZ to act as the network connection
for the 17 IPs? Can now track, slow down and monitor.
*) Or, on the firewall, set up One-to-One NAT to a fake private IP block? This
will allow the same monitoring tools to be used on the other IPs. The
drawback is the impact that it will have on the firewall itself.
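
An added example, not part of the original post: a sketch of how traffic to the 17 unused addresses could be separated out of a log and summarized per source, since nothing legitimate should be addressed to them. The 192.0.2.0/27 prefix, the assumption that the 13 in-use addresses are the first 13 hosts, and the "src dst proto dport" log format are all constructed for illustration.

```python
import ipaddress
from collections import Counter

# Constructed value: documentation prefix standing in for ABC's block of 32.
BLOCK = ipaddress.ip_network("192.0.2.0/27")
hosts = list(BLOCK.hosts())          # 30 usable addresses (.1 to .30)

# Assumed layout: the 13 in-use addresses are the first 13 hosts
# (gateway, firewall, 2 FTP, 2 web, 2 DNS, 5 one-to-one NAT).
IN_USE = set(hosts[:13])
DARK = set(hosts) - IN_USE           # the 17 addresses "in limbo"

# Constructed log lines in a made-up "src dst proto dport" format.
SAMPLE_LOG = """\
203.0.113.7 192.0.2.3 tcp 21
203.0.113.7 192.0.2.20 tcp 21
203.0.113.7 192.0.2.21 tcp 21
198.51.100.9 192.0.2.30 udp 137
198.51.100.9 192.0.2.5 tcp 80
not a log line
203.0.113.7 192.0.2.31 tcp 21
"""

def dark_probes(log_text):
    """Return (hits per source, set of unused addresses touched per source)."""
    counts, targets = Counter(), {}
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue
        try:
            src = ipaddress.ip_address(parts[0])
            dst = ipaddress.ip_address(parts[1])
        except ValueError:
            continue                 # skip lines that do not parse as addresses
        if dst in DARK:              # in-use hosts and the broadcast are ignored
            counts[src] += 1
            targets.setdefault(src, set()).add(dst)
    return counts, targets

def sweepers(log_text, min_targets=2):
    """Sources that touched at least min_targets distinct unused addresses."""
    _, targets = dark_probes(log_text)
    return sorted(str(s) for s, t in targets.items() if len(t) >= min_targets)

if __name__ == "__main__":
    print(len(DARK), "unused addresses; sweepers:", sweepers(SAMPLE_LOG))
```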